Merge branch 'staging-next'

This round is without the systemd CVE, as we don't have binaries for that yet. BTW, I just ignore darwin binaries these days, as I'd have to wait for weeks for them.
author: Vladimír Čunát <vcunat@gmail.com> 2019-02-20 09:38:45 +0100
committer: Vladimír Čunát <vcunat@gmail.com> 2019-02-20 09:38:45 +0100
commit: 32767d139f28fd3c00d687c04ec406258f7341e7 (patch)
tree: b049aa5d798a9fa2555882c788592a0640928ba2 /pkgs/build-support
parent: 28d983fe25bcf853dfd38663f333d4c522f613cc (diff)
parent: e20188f181ca51882984daaee237a95f2fc5e7c9 (diff)
5 files changed, 54 insertions, 12 deletions
diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix
index c36181130478..176df51cbd9a 100644
--- a/pkgs/build-support/cc-wrapper/default.nix
+++ b/pkgs/build-support/cc-wrapper/default.nix
@@ -13,6 +13,7 @@
 , extraPackages ? [], extraBuildCommands ? ""
 , isGNU ? false, isClang ? cc.isClang or false, gnugrep ? null
 , buildPackages ? {}
+, libcxx ? null
 }:
 
 with stdenvNoCC.lib;
@@ -44,8 +45,11 @@ let
   # The wrapper scripts use 'cat' and 'grep', so we may need coreutils.
   coreutils_bin = if nativeTools then "" else getBin coreutils;
 
-  default_cxx_stdlib_compile = optionalString (targetPlatform.isLinux && !(cc.isGNU or false) && !nativeTools && cc ? gcc)
-    "-isystem $(echo -n ${cc.gcc}/include/c++/*) -isystem $(echo -n ${cc.gcc}/include/c++/*)/$(${cc.gcc}/bin/gcc -dumpmachine)";
+  default_cxx_stdlib_compile = if (targetPlatform.isLinux && !(cc.isGNU or false) && !nativeTools && cc ? gcc) then
+    "-isystem $(echo -n ${cc.gcc}/include/c++/*) -isystem $(echo -n ${cc.gcc}/include/c++/*)/$(${cc.gcc}/bin/gcc -dumpmachine)"
+  else if targetPlatform.isDarwin && (libcxx != null) && (cc.isClang or false) then
+    "-isystem ${libcxx}/include/c++/v1"
+  else "";
 
   # The "infix salt" is a arbitrary string added in the middle of env vars
   # defined by cc-wrapper's hooks so that multiple cc-wrappers can be used
@@ -256,9 +260,9 @@ stdenv.mkDerivation {
 
       echo "$ccLDFlags" > $out/nix-support/cc-ldflags
       echo "$ccCFlags" > $out/nix-support/cc-cflags
-    ''
-
-    + optionalString propagateDoc ''
+    '' + optionalString (targetPlatform.isDarwin && (libcxx != null) && (cc.isClang or false)) ''
+      echo " -L${libcxx}/lib" >> $out/nix-support/cc-ldflags
+    '' + optionalString propagateDoc ''
       ##
       ## Man page and info support
       ##
diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix
index f59900ab7596..ef17a3f4e58a 100644
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@@ -22,7 +22,8 @@
   referencesByPopularity,
   writeScript,
   writeText,
-  closureInfo
+  closureInfo,
+  substituteAll
 }:
 
 # WARNING: this API is unstable and may be subject to backwards-incompatible changes in the future.
@@ -279,6 +280,12 @@ rec {
     # of room for extension
     maxLayers ? 24
   }:
+    let
+      storePathToLayer = substituteAll
+      { inherit (stdenv) shell;
+        src = ./store-path-to-layer.sh;
+      };
+    in
     runCommand "${name}-granular-docker-layers" {
       inherit maxLayers;
       paths = referencesByPopularity closure;
@@ -298,9 +305,9 @@ rec {
       # following head and tail call lines, double-check that your
       # code behaves properly when the number of layers equals:
       #      maxLayers-1, maxLayers, and maxLayers+1
-      head -n $((maxLayers - 1)) $paths | cat -n | xargs -P$NIX_BUILD_CORES -n2 ${./store-path-to-layer.sh}
+      head -n $((maxLayers - 1)) $paths | cat -n | xargs -P$NIX_BUILD_CORES -n2 ${storePathToLayer}
       if [ $(cat $paths | wc -l) -ge $maxLayers ]; then
-        tail -n+$maxLayers $paths | xargs ${./store-path-to-layer.sh} $maxLayers
+        tail -n+$maxLayers $paths | xargs ${storePathToLayer} $maxLayers
       fi
 
       echo "Finished building layer '$name'"
diff --git a/pkgs/build-support/setup-hooks/fix-darwin-dylib-names.sh b/pkgs/build-support/setup-hooks/fix-darwin-dylib-names.sh
index 1b36f5f555da..af2ff0cc9662 100644
--- a/pkgs/build-support/setup-hooks/fix-darwin-dylib-names.sh
+++ b/pkgs/build-support/setup-hooks/fix-darwin-dylib-names.sh
@@ -23,7 +23,14 @@ fixDarwinDylibNames() {
     for fn in "$@"; do
         if [ -L "$fn" ]; then continue; fi
         echo "$fn: fixing dylib"
-        install_name_tool -id "$fn" "${flags[@]}" "$fn"
+        int_out=$(install_name_tool -id "$fn" "${flags[@]}" "$fn" 2>&1)
+        result=$?
+        if [ "$result" -ne 0 ] &&
+            ! grep "shared library stub file and can't be changed" <<< "$out"
+        then
+            echo "$int_out" >&2
+            exit "$result"
+        fi
     done
 }
 
diff --git a/pkgs/build-support/setup-hooks/wrap-gapps-hook.sh b/pkgs/build-support/setup-hooks/wrap-gapps-hook.sh
index 25ac12996cc1..b5ceb4a13d85 100644
--- a/pkgs/build-support/setup-hooks/wrap-gapps-hook.sh
+++ b/pkgs/build-support/setup-hooks/wrap-gapps-hook.sh
@@ -36,16 +36,40 @@ wrapGAppsHook() {
   done
 
   if [[ -z "$dontWrapGApps" ]]; then
+    targetDirsThatExist=()
+    targetDirsRealPath=()
+
+    # wrap binaries
     targetDirs=( "${prefix}/bin" "${prefix}/libexec" )
     for targetDir in "${targetDirs[@]}"; do
       if [[ -d "${targetDir}" ]]; then
-        find -L "${targetDir}" -type f -executable -print0 \
+        targetDirsThatExist+=("${targetDir}")
+        targetDirsRealPath+=("$(realpath "${targetDir}")/")
+        find "${targetDir}" -type f -executable -print0 \
           | while IFS= read -r -d '' file; do
-          echo "Wrapping program ${file}"
+          echo "Wrapping program '${file}'"
           wrapProgram "${file}" "${gappsWrapperArgs[@]}"
         done
       fi
     done
+
+    # wrap links to binaries that point outside targetDirs
+    # Note: links to binaries within targetDirs do not need
+    #       to be wrapped as the binaries have already been wrapped
+    if [[ ${#targetDirsThatExist[@]} -ne 0 ]]; then
+      find "${targetDirsThatExist[@]}" -type l -xtype f -executable -print0 \
+        | while IFS= read -r -d '' linkPath; do
+        linkPathReal=$(realpath "${linkPath}")
+        for targetPath in "${targetDirsRealPath[@]}"; do
+          if [[ "$linkPathReal" == "$targetPath"* ]]; then
+            echo "Not wrapping link: '$linkPath' (already wrapped)"
+            continue 2
+          fi
+        done
+        echo "Wrapping link: '$linkPath'"
+        wrapProgram "${linkPath}" "${gappsWrapperArgs[@]}"
+      done
+    fi
   fi
 }
 
diff --git a/pkgs/build-support/vm/default.nix b/pkgs/build-support/vm/default.nix
index 3612be1120ca..de6a5e3b62f9 100644
--- a/pkgs/build-support/vm/default.nix
+++ b/pkgs/build-support/vm/default.nix
@@ -164,7 +164,7 @@ rec {
     # Set up automatic kernel module loading.
     export MODULE_DIR=${kernel}/lib/modules/
     ${coreutils}/bin/cat <<EOF > /run/modprobe
-    #! /bin/sh
+    #! ${bash}/bin/sh
     export MODULE_DIR=$MODULE_DIR
     exec ${kmod}/bin/modprobe "\$@"
     EOF
author	Vladimír Čunát <vcunat@gmail.com>	2019-02-20 09:38:45 +0100
committer	Vladimír Čunát <vcunat@gmail.com>	2019-02-20 09:38:45 +0100
commit	32767d139f28fd3c00d687c04ec406258f7341e7 (patch)
tree	b049aa5d798a9fa2555882c788592a0640928ba2 /pkgs/build-support
parent	28d983fe25bcf853dfd38663f333d4c522f613cc (diff)
parent	e20188f181ca51882984daaee237a95f2fc5e7c9 (diff)